Security Mailing List... is there are any?


Is there any security mailing list we can subscribe to receive information about releases, security incidents, etc.?

Kind regards

For Vault, or CVE in common?

There are news feeds, too

For releases and other news of HashiCorp I would suggest watching the blog

And the newsletter (at the bottom of the side)


I’m already subscribed to the groups, blogs, etc. thank you, I’m looking for something dedicated only to hashicorp products, including CVE. Would be great to have some entry-level enterprise grade subscription, but there is none. An idea to extend the pricing model with such service?


Our changelogs (here is Vault’s, for example) are the best place to see when we’ve made security fixes. Security notifications live in SECURITY sections in the changelog. There is an example of such a section in our 1.3.4 release.

When we do a release announcement, we also highlight security fixes if there are any in the release.

Hope this is helpful, although it sounds like it might not be exactly what you’re looking for.

1 Like

Hi @avoidik,

I reached out to the HashiCorp security team, and they say this is something they’re working on as part of a bigger initiative. We’re very invested in making how we communicate about the security of our products as effective and efficient as possible, including being able to alert the correct audience of the correct things.

Can’t promise timelines however.

thank you for your answers, @ncabatoff really curious to know what it could be :slight_smile: